A recent cyberattack on Hackensack Meridian Health, which is New Jersey’s biggest health network, resulted in the deployment of ransomware on its network. The ransomware attack caused file encryption so that the network went offline for two days.
Because there was no access to computer systems and health records, Hackensack Meridian Health had to call off non-emergency medical operations. Physicians and nurses needed to use pen and paper to continue caring for patients.
Hackensack Meridian Health detected the attack immediately and notified law enforcement and government authorities. Cybersecurity specialists were conferred with to know what is the best action to take. The health network at first said it experienced external technical problems so there would be no interference with the investigation. Later, it affirmed the occurrence of a ransomware attack.
Because of the ransomware attack, encrypted files had to be recovered from backup files. Computer systems should also be restored. That action could take many weeks. To stop continuing interruption to patient services, the provider decided to pay the ransom. Hackensack Meridian Health’s spokesperson said that it is their obligation to safeguard their communities’ access to medical care.
Hackensack Meridian Health did not disclose to the public the amount of ransom paid. However, it confirmed that its cybersecurity insurance plan will pay for a portion of the expense of the ransom payment and remediation work.
Hackensack Meridian Health has announced that the principal clinical system is now completely operational. However, other parts of the system might take a few more days to be back online.
A number of healthcare providers and business associates have likewise reported ransomware attacks in the last few weeks. Last week alone, the Cancer Center of Hawaii reported an attack and had to put off patients’ radiology treatments. A Colorado business associate also reported a ransomware attack that affected over 100 dental practices.
The HHS’ Office for Civil Rights, in its most recent cybersecurity letter, points out how HIPAA compliance could help stop ransomware attacks and make sure that healthcare companies can recover from ransomware attacks immediately when hackers are able to breach their defenses.